We don’t condone piracy at all, but this is definitely news-worthy. It seems that a Russian hacker has developed a way to bypass Apple’s in-app purchasing in almost any app. It only requires sending your iPhone’s information to some random server…
Like I said, I would stay clear of this hack. But either way it seems like the website is down, and the hacker can’t handle the high traffic he’s received since uploading
the video below. Apple has removed the video from YouTube since this post went live. (see update below)
The video has been removed because of a copyright claim from Apple
Hopefully Apple will jump on top of this App Store bug soon. The website currently has no further method of executing the hack due to the traffic that has bogged down the server.
According to 9to5Mac and the video above, this is how it works:
The developer explained the three steps of the hack, which include the installation of CA certificate, the installation of in-appstore.com certificate, and the changing of DNS record in wi-fi settings. After the quick process, users are presented with the message pictured above when installing in-app purchases, opposed to Apple’s usual purchase confirmation dialog.
I wouldn’t trust a hack like this EVER. You’re sending personal information about your iPhone to a remote server somewhere in Russia… Seriously…
I mean who knows where your information will end up. Furthermore, we still have no idea what information is being sent. It’s all a big risk and besides, it’s stealing and hurts developers big time. It could also result in trouble with your Apple ID, as no one knows if Apple has access to find out who was using this method.
Thought you should know about it. But again, please don’t pirate software…
Update: Apple is conducting an investigation on this workaround. Since the initially report, Apple has responded with a comment on the matter to The Loop:
“The security of the App Store is incredibly important to us and the developer community,” Apple representative Natalie Harrison, told The Loop. “We take reports of fraudulent activity very seriously and we are investigating.”
The Next Web also has an interesting interview with the man who initially created this App Store hack. Give it read. In the interview he discusses exactly how this was accomplished and what Apple needs to do to fix it.